Did Anonymous reconstruct the Korean War with hacks?

On the 63rd anniversary of the start of the Korean War, websites in both North and South Korea have gone dark. It looks to be the handiwork of Anonymous and might be a continuation of #OpNorthKorea, an open threat to release North Korean military secrets.

“South Korean hackers working under the ‘Anonymous’ collective,” wrote NK News’s James Pearson, “appear to have staged a modern-day reconstruction of events by first hacking South Korean websites, then ‘counter-attacking’ North Korean websites.”

Hackers hit the site of South Korea’s Blue House, the Korean equivalent of the White House, as well as the prime minister’s website. South Korean broadcasters KBS and YTN were also hit, according to NK News. Regional party websites, the National Tax Service and Korea.net were also affected. Most were back up in short order.

“The Presidential website was defaced with a message in red saying ‘Long live general Kim Jong Un, [our] unified president!,’” according to NK News’ James Pearson, “and was branded with Anonymous logos and Twitter handles consistent with the group’s style.”

NK News was also told by “Twitter users operating under Anonymous-affiliated handles” that they had been “framed.”

A video posted Monday night, though, apparently showed an Anon hacker committing the hack on the Blue House site with the w3b_avtix hacking toolkit. (It has since been removed for violating YouTube’s terms of service.

Several documents were leaked via the Blue House hack, but none were related to North Korea. Instead, they included a previously leaked Saenuri Party list, related to “a pre-April 2012 parliamentary election scandal;” and personnel records of the U.S. Army’s 3rd Marine, 25th Infantry, and 1st Cavalry Divisions. These units were involved in OPLAN 5027, “an ongoing U.S.-South Korean joint exercise to prepare for a possible North Korean invasion of the South,” and all of them fought in the Korean War.

In North Korea, hackers claimed to have knocked out the website for “the national airline, Air Koryo, the Rodong Sinmun newspaper, the North's official Uriminzokkiri site and Naenara, the country's state-run Internet portal,” according to the Associated Press.

While slow to respond (presumably due to a distributed denial of service attack), NK News found those sites.